A Forensically Sound Adversary Model for Mobile Devices

TL;DR

This paper introduces a forensic adversary model for mobile devices that ensures forensic soundness, aiding practitioners in evidence collection across various platforms and applications.

Contribution

It presents a new adversary model tailored for mobile forensics that incorporates forensic soundness constraints and demonstrates its application on Android devices.

Findings

Successfully extracted forensic data from Android devices using six popular cloud apps.

The model is adaptable to different mobile platforms and technologies.

Provides a structured methodology for forensic evidence collection.

Abstract

In this paper, we propose an adversary model to facilitate forensic investigations of mobile devices (e.g. Android, iOS and Windows smartphones) that can be readily adapted to the latest mobile device technologies. This is essential given the ongoing and rapidly changing nature of mobile device technologies. An integral principle and significant constraint upon forensic practitioners is that of forensic soundness. Our adversary model specifically considers and integrates the constraints of forensic soundness on the adversary, in our case, a forensic practitioner. One construction of the adversary model is an evidence collection and analysis methodology for Android devices. Using the methodology with six popular cloud apps, we were successful in extracting various information of forensic interest in both the external and internal storage of the mobile device.